The Rise of the Ransomware Attack

Ashton Mortimer


In one of our May blogs, Seb looked at ransomware: what it is and the measures we can put in place to help prevent attacks. However, earlier this month, when cybersecurity giant Kaseya were badly hit, we were reminded of how large-scale attacks are still happening worldwide and why the need for cybersecurity vigilance is more important than ever.

Ransomware is an upgraded version of a virus or malware. Instead of damaging, deleting, or stealing files like a virus would, ransomware is a little more sophisticated. It simply encrypts or steals data and then, as the name would suggest, the developer demands large sums of money or else the data is either lost or released to the public. Both present huge and obvious problems, not least because of the severe penalties that can be imposed by authorities such as the Information Commissioner’s Office (ICO) relating to GDPR data breaches and security failures, which is how these situations are often viewed. Although the business being attacked may appear to be the ‘victim’, GDPR views the data subjects as the true victim and, as such, holds the business responsible for protecting their data.

Ransomware attacks are on the rise. Since the pandemic started last year, attacks have risen by an astronomical 715% compared to 2019, costing businesses millions, and subsequently, causing cybersecurity insurance premiums to skyrocket in the last 4 years. Hacking groups have targeted major corporations and hospitals and have gained millions of dollars’ worth of Bitcoin from these attacks.

As you may have seen in the news recently, Russian group REvil (also known as Ransomware Evil or Sodinokibi), hit out with the latest threat to global cyber security at the beginning of July. A group responsible for previous attacks on tech giants such as Apple, Microsoft, and Acer, REvil are a Ransomware-as-a-service operation. Ransomware as a Service (RaaS) is an adaptation of the Software as a Service (SaaS) business model. It allows users to gain access to pre-developed ransomware programs – the developers then earning a percentage of each successful ransom payment.

REvil are a big threat to businesses of all shapes and sizes. They have been cited as being connected to cyberterrorist group Darkside. Cybersecurity experts believe that they are a child group of disbanded hacking group GandCrab, as their code is quite similar and they both display similar ransom messages.

The recent attack on Kaseya, a cyber security provider from Miami, spread across hundreds of their clients. This included The Co-op here in the UK: hundreds of their till systems were affected by the ransomware. Kaseya are responsible for the cyber security of over a thousand businesses, and on July 4th, 2021, most of these businesses were attacked by ransomware. REvil demanded $50,000 - $5,000,000 from each business, depending on their size. Some have spoken out about this while others have stayed quiet and paid the ransom. The potential damage caused by these attacks is far greater than just financial – severe reputational harm and a loss of confidence from clients and the public can be just as crippling.

REvil are not only responsible for this recent attack though; the full list of the attacks they have committed is as follows:

May 2020 – Hit a New York law firm responsible for Donald Trump: no payments made; 169 emails were released to the public regarding Donald Trump.

March 2021 – Attacked The Harris Foundation: published multiple financial documents and shut down IT systems, affecting 37,000 Students.

March 2021 – Claimed to download data and install ransomware on multiple Acer devices. This has been linked to the 2021 Microsoft Exchange server data breach. Demanded $50,000,000 which would double in 10 days if unpaid.

April 2021 – Stole plans from Quanta Computer, rumoured to include plans for new Apple Laptops, a new Apple Watch, and a Lenovo Thinkpad. They threatened to publish the plans unless they received $50,000,000.

May 2021 – Attacked the US’ biggest meat producer, JBS, causing all beef and many poultry and pork operations to be shut down temporarily. JBS paid $11,000,000.

July 2021 – REvil attacked Kaseya, forcing Co-Op to close 500 stores temporarily as cash machines were deactivated. They earned approximately $70,000,000 from this.

July 2021 – Hacked HX5, a space and weapon-launch contractor whose customers include the US Navy, Army, Air Force, and NASA.

So, what can you do to best ensure your cybersecurity?

Simply put, have a plan in place, whether that’s money put aside for a disaster or a quick way to deactivate your server. A plan is always a good way to limit damages in a tough situation. These attacks can target any business at any time.

Upgrade your software. Stay up to date with your operating system/application updates. Studies show that companies that neglect updates are more vulnerable to all cyber-attacks, including ransomware.

Consider moving to the cloud. More details about the Cloud can be found in our blog: 5 Reasons to Move to The Cloud – West Wales Systems.

Back-up everything. Backups are one of the best ways of defending yourself from cyber-attacks. The threat of deleted files after an attack is less of an issue when you have a spare set locked away. Although it can be a bit of a faff to restore the files from backup, it could save you thousands of pounds.

And last, but certainly not least, raise employee awareness. Make sure all employees know not to click into suspicious emails, or on unfamiliar links, or to give out confidential data. Also consider limiting cyber permissions of employees, thus further reducing the risk of a virus being downloaded. Responsible computer usage remains one of the most effective weapons against any form of malware.

At West Wales Systems, we are experts at cybersecurity. Our ongoing support packages can help protect you by combining the measures above into one seamless service. We can automatically back up your files, keep your operating system and software up to date, and remotely monitor the health of your systems.

If you feel it is the right time for you to upgrade your cybersecurity, please contact us via email at [email protected] or on 01437700701.